As with previous OpenBSD auctions, if you are not the successful bidder, we would like to encourage you to donate the equivalent of you highest bid to the project.

(Comments are closed)

By
Anonymous Coward (24.113.18.65)
on 2017-11-19 05:16

Please add the signify pubkeys for the release to the 6.2 email announcement so the data is replicated and able to be verified from separate locations on the internet. Without having a CD release that everyone can buy, this is important for security. There is the basic man-in-the-middle attack for all web content, which may seem silly to discuss, but is best to avoid. Otherwise, I see no reason to donate or consider OpenBSD secure, no matter how hard you work on the software. It is a question of whether the software can be received untainted.

Pubkeys are in the previous release. They are also mentioned on other channels like twitter.

By
Anonymous Coward (24.113.18.65)
on 2017-11-21 20:19

It is advantageous to get the pubkeys into a local copy as quick as possible, since any MITM attack requires time to create. Email happens to be the simplest medium to accomplish this task. Why is it so hard to add a few lines to an email?

By
AussieFrog (114.75.73.19)
on 2017-11-19 11:55

What's wrong with the keys on the OpenBSD website?

By
Anonymous Coward (93.39.139.222)
on 2017-11-19 12:36

MITM

By
Daniel Gracia (84.127.228.237)
on 2017-11-19 20:02

HTTPS is reliable enough for me; YMMV in relation to your paranoia level.